symfonos 5 walkthrough Vulhub CTF

Today we are solving symfonos 5 walkthrough Vulhub CTF

symfonos VM is made by Zayotic. This VM is a purposely built vulnerable lab with the intent of gaining experience in the world of penetration testing. symfonos 5 walkthrough

It is of Beginner real-life based and is very handy in order to brush up your skills as a penetration tester.

Network Scanning

identifies the target IP address we will initiate with netdiscover.

symfonos 5 walkthrough

advance network scanning using the Nmap Aggressive scan. All port and services.

We see the target system port 21 ssh, 80 HTTP, 389 LDAP, service is running.

symfonos 5 walkthrough

we got the port 80 open, we decided to open the IP address in the web browser.

symfonos 5 walkthrough

I am adding our target VM IP Address our /etc/hosts file symfonos.server

symfonos 5 walkthrough
Directory Bruteforcing

we chose DIRB for directory brute force attack finding server all directory

symfonos 5 walkthrough

After brute-forcing the directory we see a admin.php directory now open the directory any web browser

I am using firefox and I see the simple login page I tried password brute burp suite but no correct credential found i try to open home directory but the home page is redirecting admin page

symfonos 5 walkthrough

I try to open home page source code Using curl tool get the target home page source code

we see the home.php URL is redirecting localhost php file

symfonos 5 walkthrough
Try LFI with curl tool

We see the target passwd mean target is vulnerable LFI

symfonos 5 walkthrough

Try reading source code admin.php file

we got an LDAP username and password

I run the Nmap script to login with username and password

symfonos 5 walkthrough

try to log in the credentials ssh connection

userPassword: cetkKf4wCuHC9FET
mail: [email protected]

  • username: zeus
  • password: cetkKf4wCuHC9FET
symfonos 5 walkthrough

Privilege Escalation

run sudo -l to check for commands that can run as sudo. It looks like dpkg can run as sudo.

symfonos 5 walkthrough
symfonos 5 walkthrough

So after rummaging the internet, we find out some information about building packages with fpm

symfonos 5 walkthrough

After generating dpkg file download the target /tmp directory I star our Simple python server and wget to download the file target system

symfonos 5 walkthrough

I run the dpkg package and our shell is changed normal user to root user

symfonos 5 walkthrough
Next Walkthrough Os-hackNos-4 Walkthrough see here